I have a website on which the user has to enter quite a number of data using text boxes. I want to lock the textbox after the first use. I mean for the example the user has to enter his name and save it but once saved, the user should not be able to change it again.
So can anybody suggest me what changes has to be made in this code
<td align="left" valign="top">
<input class="tooltip v_empty" title="first name" type="text"
name="<?php echo "LP".$lp_id."_"; ?>firstname[self]"
id="firstname[self]"
value="<?php echo $PLAN->lp[$lp->lp_id]->info['self']->firstname; ?>" />
</td>
You should use a better title. the disabled attribute in html may help you.
http://www.javascriptkit.com/javatutors/deform3.shtml
The <input> HTML elements take a disabled="disabled" argument which renders the user unable to normally modify the contents of the field (it will be greyed out). (Take note, that local HTML source modification can result in changing the data!)
Apart from that, you should take a look at how sessions work. You should store the already entered value in a session, or the database backend, and when the form is getting printed, you should check against what value is already present in the session or database.
Related
I am making a form for the admin area of WordPress. Here is the code so far;
<form method="post" action=options.php">
<?php update_option('gpspl_options', $gpspl_options);?>
<input type="text" name="gpspl_options" value="$gpspl_options"/>
<input type="submit" value="Save Changes"/>
</form>
On the page in the admin area the text box is auto filled with "$gpspl_options". However when I add the text and hit submit it does not update the wp_options table in the database.
What am I missing?
You always call update_option() on whatever is stored in $gpspl_options. You never do anything with the posted value ($_POST['gpspl_options']). So the posted value never gets saved. If you want to save the posted value, you need something like this:
if (isset($_POST['gpspl_options'])) {
update_option('gpspl_options', $_POST['gpspl_options']);
}
As for the text field, you always initialize the text field to the literal string "$gpspl_options" (not the value of the variable $gpspl_options). To use the value, you need something like this:
<?php
$gpspl_options = isset($_POST['gpspl_options']) ? $_POST['gpspl_options'] : '';
?>
<input type="text" name="gpspl_options" value="<?php echo $gpspl_options; ?>"/>
You might want to read an introductory PHP tutorial covering variables, variable names, output, and so on.
That said, all this mixing of logic and output is not good practice. It's what Wordpress does and therefore kind of encourages, but that doesn't mean you should do it, too.
Probably very simple this one, but it's still troubling me.
I have a form, embedded in php, which I need to perform validation on.
An example of one of the fields is:
Server 1:
</td>
<td>
<input name='1_server[1]' value='$defaultserver1' id='server1' required oninvalid="this.setCustomValidity('Please enter server name/IP Address for this connection')">
</td>
</tr>
...as per the above, I have a default value that can be set/inserted when the page loads, but I mainly want to cater for if this isn't set.
If you delete the field, the validation works fine. The problem is, retyping in the field still persist to show the invalid warning.
To Summarise:
If field is empty, and the form submit button is clicked, validation warning shows. You can't, however, fill in the form after this point, as it seems to get 'stuck' in think that the field is 'invalid', even if you complete it.
Can anyone help? I've no doubt I'm being soft...
Edit: Fiddle here https://jsfiddle.net/v03sb4hq/
Resolved this.
setting the oninvalid="setCustomValidity('please fill in')" flag will, on invalid input, set the Validity to a fixed state of 'invalid'.
To counter-act this, I need to state a cleared flag when an input is detected on the same field, i.e. oninput="setCustomValidity('')"
So, my revised code is now...
<input name='1_server[1]' value='$defaultserver1' id='server1' required oninvalid="setCustomValidity('Please enter server name/IP Address for this connection')" oninput="setCustomValidity('')">
Fiddle updated here: https://jsfiddle.net/v03sb4hq/2/
Is $defaultserver1 a php variable? In that case you'd have to echo it within the HTML code, I think.
<input name='1_server[1]' value='<?php echo $defaultserver1;?>' id='server1' required oninvalid="this.setCustomValidity('Please enter server name/IP Address for this connection')">
it might seem weird but i have a strange problem. when i submit a form and check the request from network console of chrome developer tool it shows all the data is submitted but when i get that data in my update file it won't show all the data. the data is submitted as array. like i have below input field in form. total of 330 field we have with the same name and when we add new dynamic field and put data into it and then submit it won't save.
<input type="text" name="txtOptions[]" id="txtOption<?= $i ?>" value="<?= formValue($sOption) ?>" maxlength="100" size="25" class="textbox title" />
when is get on server side and print the data it won't show all the data.
$sOptions = IO::getArray("txtOptions");
print_r("<pre>");
print_r($sOptions);
print_r("</pre>");
exit();
I've tried hard to find out what's going on there is hidden field in my form of MAX_FILE_SIZE. I also try to change the value of this and make it more but nothing happen
<input type="hidden" name="MAX_FILE_SIZE" value="10485760" />
This only happening on live server not on localhost. any idea. sorry for not to be clear of my question but this is what i have first time in my life.
The IO::getArray are the custom classes functions.
i've found the solution. Actually i have above 1000 input variables in my form which is been generated dynamically and in my php.ini the max_input_vars has been set to 1000 only,that's why i was getting only 1000 input variable values not more than that.
i had no idea that the issue will be the number of input variables. I thought it might be an issue of file size.
just wanted to find out the safest way to do something so it is not vulnerable.
Say I have a url like www.mysite.com?name=nick
This loads a static html page with a form. One of the forms fields is
<input type="text" id="pName" value="" name="pName" readonly>
What is the best way to get the url param into the value of this input? Basically, I have an app which will be used by several people in different locations. I need a way to identify who is using it, so I thought I could just add their name into the url and then inject this into my form.
Any information appreciated,
UPDATE
Going off the comments, I have added this to the top of index.php
<?php
session_start();
if (!isset($_SESSION['pName'])) {
$_SESSION['pName'] = $_GET['pName'];
}
?>
And then the input is like so
<input type="text" id="pName" value="<?php $_SESSION['pName'] ?>" name="pName" readonly>
Would this be acceptable?
Use session and put $_SESSION['YourSessionVariable'] into textbox.
<?php
$valueForTextbox = '';
if(isset($_POST['yourSubmitName'])){
$_SESSION['pName'] = $valueForTextbox = $_POST['pName'];
}else if(isset($_SESSION['pName'])){
$valueForTextbox = $_SESSION['pName'];
}
?>
<input type="text" id="pName" value="<?php echo $valueForTextbox;?>" name="pName" readonly>
Why ?
What if I change url GET parameter ? It will be security issue as well..
Also if I have to maintain that data in many pages(say a wizard to complete) And if I delete some parameters from URL, it will create issue.
Query string will be unnecessarily big with GET parameters which can easily saved in sessions.
Edit :
When form is Not submitted. Fetch value from Database rather than taking from Query string. And after form submit put value in SESSION. Form posting will keep updating value for that session variable.
If the user is to be defined in the URL, you must check on the server, if the user is authorized.
Since you need to have a safe method to identify the authorized user, the identification happens before the form is called, for example through login.
On login you store the user's name on the server, usually in the session, then you forward him to the form.
If a user tries to call the form for another, not identified user, you will realize this on the server. The form comes back, but the user does not match the username stored in the session.
Now, as you already have the user in the session, the question arises, if you really need the user in the url. Reasons for that could be, that you want more than one form open at a time, or you have authorized access to the form of other users (for example admin access).
I have a multiple upload textbox that I generate based on questions in my database. Right now my problem is that at the input, I have written <input type="file" name="file[<?php echo $id;?>]"/>, and when i want to save it, I write the program as $_FILES['file']['name'][$start]; where $start is a number I declared to match the question number. For example, if the file[123] is in the textbox, the post field when saving the information is also $_FILES['file']['name'][123].
But when I try to find if the textbox file[123] sent something like $_FILES['file']['name'][$start]<>"", it posts nothing.
This is the code when saving the information:
<input multiple name="file[<?php echo id;?>]" type="file" size="50" maxlength="100">
if ($_FILES['file']['name'][$start]<>""){
$fname=$_FILES['file']['name'][$start];
$tandatangan=$fname;
mysql_query("UPDATE answer SET document='$tandatangan' WHERE user_id='$id_user' and id_question='$id_soalan' ");
move_uploaded_file($_FILES["file"]["tmp_name"],"../files/$tandatangan");
}